A content security policy (CSP) containing a referrer directive with no values can cause a non-exploitable crash. External Reference: https://www.mozilla.org/security/announce/2016/mfsa2016-85.html
Acknowledgments: Name: the Mozilla project Upstream: Atte Kettunen